Security Incidents mailing list archives

Re: @home: Is *anyone* really home there???


From: wozz+incidents () WOOKIE NET (Wozz)
Date: Mon, 28 Feb 2000 17:25:33 -0700


On Mon, Feb 28, 2000 at 11:32:39AM -0500, Greg A. Woods wrote:
[ On Friday, February 25, 2000 at 18:41:39 (-0700), Wozz wrote: ]
Subject: Re: @home: Is *anyone* really home there???

  I'm the head of the security department for a large nationwide
  cable modem provider that is in the exact same situation @home
  is.  We get hundreds and hundreds of complaints a day, often times
  about how someone's "hacking" them, when in fact, someone misdirected
  a web browser in their direction.

I've had words with the Jammer support folks to try and convince them
that (a) this kind of event is not necessarily a "scan" of any type and
it is most definitely not a "TCP port scan" when seen on its own, and
(b) it's just as likely that the source address is forged, (c) to use a
better choice of words and to avoid "hack" and "attack" and their
derivatives, and finally (d) to include the IP number of the client at
the time of the incident.  Unfortunately I don't think I've had any
success at convincing them to change anything at all.

Jammer is the worst offender.  Its gotten to the point where I'm ready to
start ignoring Jammer reports, since i think i've had 1 out of maybe 2000
reports from Jammer state anything useful.  I've also talked to them abotu
this "port scan" message and never got a response.

BTW everyone, I really really really detest the misuse of the words
"attack" and "hacker" in any of these situations.  Wozz put the word in
quotes which is correct, but the Jammer folks don't and the Jammer
subject line nearly drives me up the wall even before I read the
messages!  (Yes I manage my own stress level so as to avoid popping any
important blood vessels over this!  ;-)

The overuse of these home "firewall" solutions is making overall security
worse, IMHO.  I spend a majority of my time at work filtering through stuff
like this, and not spending time working on things that would actually improve
security.  Thankfully, I've just recently gotten approval to hire someone to
just sit there and sift through all this junk for me.


Current thread: